Built for a global world.
Compliant by default.

Privacy isn't just a feature we bolt on — it's how we build. Serus is designed to meet the requirements of the GDPR and UK GDPR from the ground up, whether you're in Stockholm, London, or anywhere else. This page explains your rights, how we protect your data, and how to exercise control over it.


If you're in the EEA or UK, this one's especially for you.

GDPR & EEA/UK/CH Privacy Rights

Last Update: April 13th, 2026

Introduction

Serus is committed to protecting personal data and respecting privacy rights. This page explains how Serus supports compliance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the UK GDPR and the UK Data Protection Act 2018, and—where applicable—similar laws in Switzerland and other jurisdictions. In this page, ‘Services’ has the meaning given in our Terms of Service.


Serus is operated by ANON AI Labs, Inc., a Delaware corporation (United States) (“Serus,” “ANON,” “we,” “us,” or “our”). This page should be read together with our:

Terms of Service (https://www.serus.ai/legal/terms)

Data Processing Addendum (DPA) (https://www.serus.ai/legal/dpa)

Subprocessors list (https://www.serus.ai/legal/subprocessors)

Privacy Policy (https://www.serus.ai/legal/privacy)

Cookie Policy (https://www.serus.ai/legal/cookies)

Acceptable Use Policy (https://www.serus.ai/legal/acceptable-use)

1. Roles and Responsibilities (Controller vs. Processor)

Serus as controller (typical for individual users):

Serus acts as a controller for account creation and administration, billing, customer support, product analytics, fraud prevention, and security operations. Details are in our Privacy Policy.

Serus as processor (typical for business/organization customers):

If you use Serus on behalf of an organization (including via platform, API, or white-label), Serus generally acts as a processor for Customer Data you submit into the Services. In those cases, our DPA governs the processing and your responsibilities as controller.

Your responsibilities:

If you submit personal data into the Services (including data about third parties), you are responsible for ensuring you have a valid legal basis and any required notices/permissions under applicable law.

Data Protection Officer:

We have appointed a Data Protection Officer who can be reached at dpo@serus.ai. Our DPO oversees our data protection practices and serves as a point of contact for data subjects and supervisory authorities on matters relating to the processing of personal data and the exercise of data protection rights.

2. What Personal Data We Process

Depending on your use of the Services, Serus may process:

  • Account data (e.g., name, email, account identifiers, billing/admin details)

  • Customer Data you submit (e.g., search inputs, monitoring targets, and removal request details)

  • Outputs generated for you (e.g., results and alerts derived from publicly available sources and third-party datasets)

  • Security and usage data (e.g., logs, timestamps, device/browser info, IP address where appropriate for security and abuse prevention)


Some features may allow users to view unredacted high-risk data (such as exposed passwords, authentication tokens, financial identifiers, or similar data) (“Sensitive Information”). Access to Sensitive Information may be gated by confirmations, role-based or account-level controls, and other safeguards. You may use Sensitive Information only for lawful and authorized purposes, and you must comply with our Acceptable Use Policy.

3. Lawful Bases for Processing (GDPR Article 6)

Where the GDPR/UK GDPR applies, Serus processes personal data under one or more of the following lawful bases:

  • Contract necessity – to provide the Services you request (for example, account access, searches, monitoring, alerts, and feature delivery).

  • Legitimate interests – to secure and improve the Services, prevent abuse and fraud, maintain reliability, and protect Serus and users (balanced against your rights).

  • Consent – where required (for example, for non-essential cookies/marketing technologies, or where a feature requires an affirmative confirmation).

  • Legal obligation – to comply with applicable laws, lawful requests, and regulatory requirements.


Where applicable, we apply additional safeguards for special categories of data (GDPR Article 9) and criminal-offence data (Article 10), including limiting access and restricting use, consistent with our policies and the Services design.

4. Removal Requests and Authority

If you use Serus removal request features, you instruct Serus to process and transmit relevant information to third-party websites, platforms, or services in order to submit removal requests on your behalf (including where you configure automated submission).


You represent and warrant that you have the legal right and authority to submit the information and request removal (including where you act as an authorized agent). Serus may request reasonable verification and may refuse or suspend requests we reasonably believe are unauthorized, inaccurate, abusive, fraudulent, or unlawful.

Important:

Removal outcomes depend on third parties and may be temporary, partial, reversible, or denied.

5. Security Measures

Serus implements reasonable technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Measures may include:

  • encryption in transit (e.g., TLS) and, where appropriate, encryption at rest

  • automated redaction of sensitive values (such as credentials and tokens) from operational logs to prevent credential leakage;

  • access controls and least-privilege permissions

  • monitoring and logging for security and abuse prevention

  • vulnerability management and secure development practices

  • incident response and recovery procedures

Serus does not claim SOC 2 or ISO 27001 certification unless expressly stated in writing.

Data Protection Impact Assessments

Serus has conducted Data Protection Impact Assessments (DPIAs) for its core processing activities in accordance with GDPR Article 35, including processing of breach data, OSINT monitoring, and removal request workflows. DPIAs are reviewed and updated periodically or when significant changes are made to our processing activities.

6. International Data Transfers

Serus may process personal data globally, including in the United States and other jurisdictions where Serus and our subprocessors operate. Where GDPR/UK GDPR applies and personal data is transferred to jurisdictions without an adequacy decision, Serus uses recognized transfer safeguards such as the EU Standard Contractual Clauses (SCCs) and, where applicable, the UK Addendum or other valid transfer mechanisms under applicable law. More information is available in our DPA and Subprocessors list.

7. Your Rights Under GDPR (and Similar Laws)

If GDPR (or similar law) applies to you, you may have the right to:

  • Access – request a copy of your personal data

  • Rectification – correct inaccurate or incomplete data

  • Erasure – request deletion in certain circumstances

  • Restriction – limit processing in certain circumstances

  • Portability – receive data in a structured, machine-readable format (where applicable)

  • Objection – object to processing based on legitimate interests

  • Withdraw consent – where processing is based on consent (withdrawal does not affect prior processing)


Some rights may be limited or subject to exceptions (for example, where we must retain certain data for legal compliance, security, or dispute resolution).

8. How to Exercise Your Rights

EU, UK, or Switzerland residents:
Submit your request through our Trust Center at https://app.prighter.com/portal/serus-privacy. Prighter Group is our appointed representative under GDPR Article 27 and will ensure your request is forwarded and processed promptly.

You may also contact our Data Protection Officer directly at dpo@serus.ai.

Please note:
You can export or delete all your data and account anytime from your account settings.

We may request information to verify your identity and/or authority before completing a request. We generally respond within one month, and may extend that period where permitted by GDPR (for example, for complex requests), in which case we will inform you.

EU, UK, or Switzerland residents:
Submit your request through our Trust Center at https://app.prighter.com/portal/serus-privacy. Prighter Group is our appointed representative under GDPR Article 27 and will ensure your request is forwarded and processed promptly.

You may also contact our Data Protection Officer directly at dpo@serus.ai.

Please note:
You can export or delete all your data and account anytime from your account settings.

We may request information to verify your identity and/or authority before completing a request. We generally respond within one month, and may extend that period where permitted by GDPR (for example, for complex requests), in which case we will inform you.

EU, UK, or Switzerland residents:
Submit your request through our Trust Center at https://app.prighter.com/portal/serus-privacy. Prighter Group is our appointed representative under GDPR Article 27 and will ensure your request is forwarded and processed promptly.

You may also contact our Data Protection Officer directly at dpo@serus.ai.

Please note:
You can export or delete all your data and account anytime from your account settings.

We may request information to verify your identity and/or authority before completing a request. We generally respond within one month, and may extend that period where permitted by GDPR (for example, for complex requests), in which case we will inform you.

9. Data Retention

We keep personal data only as long as necessary for the purposes described in our Privacy Policy and to meet legal, accounting, security, and operational requirements. For specific retention periods by data category, see Section 10 of our Privacy Policy.

10. Complaints to a Supervisory Authority

If you are in the EEA/UK/Switzerland, you have the right to lodge a complaint with your local data protection authority. You may also contact the authority in the country where you live, work, or where you believe a violation occurred.

11. Complaints to a Supervisory Authority

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

• European Union (EU)
• United Kingdom (UK)
• Switzerland

Prighter gives you an easy way to exercise your privacy-related rights. If you want to contact us via our representative, Prighter, or make use of your data subject rights, please visit: https://app.prighter.com/portal/serus-privacy

Please note:
You can export or delete all your data and account anytime from your account settings.

EU Data Act Representative
ANON AI Labs, Inc. has appointed Prighter Group as its legal representative according to Art 37 Data Act. Prighter Group serves as the addressee for competent authorities, users, and other stakeholders in the European Union on all matters related to the Data Act. To contact Prighter Group, please visit: https://app.prighter.com/portal/serus-privacy

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

• European Union (EU)
• United Kingdom (UK)
• Switzerland

Prighter gives you an easy way to exercise your privacy-related rights. If you want to contact us via our representative, Prighter, or make use of your data subject rights, please visit: https://app.prighter.com/portal/serus-privacy

Please note:
You can export or delete all your data and account anytime from your account settings.

EU Data Act Representative
ANON AI Labs, Inc. has appointed Prighter Group as its legal representative according to Art 37 Data Act. Prighter Group serves as the addressee for competent authorities, users, and other stakeholders in the European Union on all matters related to the Data Act. To contact Prighter Group, please visit: https://app.prighter.com/portal/serus-privacy

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

• European Union (EU)
• United Kingdom (UK)
• Switzerland

Prighter gives you an easy way to exercise your privacy-related rights. If you want to contact us via our representative, Prighter, or make use of your data subject rights, please visit: https://app.prighter.com/portal/serus-privacy

Please note:
You can export or delete all your data and account anytime from your account settings.

EU Data Act Representative
ANON AI Labs, Inc. has appointed Prighter Group as its legal representative according to Art 37 Data Act. Prighter Group serves as the addressee for competent authorities, users, and other stakeholders in the European Union on all matters related to the Data Act. To contact Prighter Group, please visit: https://app.prighter.com/portal/serus-privacy

12. Changes to This Page

We may update this page to reflect changes in our Services, legal requirements, or our privacy practices. We will post updates here, and material changes may be communicated through the Services.